{"vulnerability": "cve-2025-28380", "sightings": [{"uuid": "7975adbb-f2ad-44e7-bf9e-be2b0959a5c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28380", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18293", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28380\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.\n\ud83d\udccf Published: 2025-06-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-13T13:19:21.994Z\n\ud83d\udd17 References:\n1. https://openc3.com/\n2. https://visionspace.com/openc3-cosmos-a-security-assessment-of-an-open-source-mission-framework/", "creation_timestamp": "2025-06-13T13:33:40.000000Z"}, {"uuid": "82986041-9859-4c4f-9d40-4dcd5768e80e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-28380", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114676749186057555", "content": "", "creation_timestamp": "2025-06-13T15:25:26.793591Z"}]}